CAPEC-621 Metadata
Likelihood of Attack
High
Typical Severity
Low
Overview
Summary
An attacker may intercept and log encrypted transmissions for the purpose of analyzing metadata such as packet timing and sizes. Although the actual data may be encrypted, this metadata may reveal valuable information to an attacker. Note that this attack is applicable to VOIP data as well as application data, especially for interactive apps that require precise timing and low-latency (e.g. thin-clients).
Prerequisites
Use of untrusted communication paths enables an attacker to intercept and log communications, including metadata such as packet timing and sizes.
Potential Solutions / Mitigations
Distort packet sizes and timing at VPN layer by adding padding to normalize packet sizes and timing delays to reduce information leakage via timing.
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-201 | Insertion of Sensitive Information Into Sent Data |
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-189 | An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds. |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.